The White House on Wednesday announced new policies improving public and private security efforts to protect critical U.S. infrastructures against the growing threat of cyber attacks.
"Cyber threats pose one the gravest national security dangers that the United States faces," President Barack Obama said in releasing the 39-page report.
A report called "Framework for Improving Critical Infrastructure Cybersecurity," is the latest step in federal government efforts to better coordinate and share information on cyber threats, design methods to prevent and counter attacks, and restore networks that control critical infrastructure after attacks.
"The national and economic security of the United States depends on the reliable functioning of critical infrastructure," the report said. "Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the nation’s security, economy, and public safety and health at risk."
China has been identified as a major cyber attack threat. Chinese-origin hackers, including those linked to the Chinese military, have been detected in recent years conducting what security officials say are vast cyber reconnaissance and cyber espionage attacks against U.S. government and private computer networks.
Iran was blamed for a series of cyber attacks on U.S. financial institutions last year.
U.S. intelligence agencies recently warned that malicious software from Belarus developed by state-controlled software engineers may have been planted inside the government’s new federal healthcare network.
Release of the report follows recent reports of a shooting attack last year against a Northern California electrical power station that sought to create a major electrical power outage.
Homeland Security Secretary Jeh Johnson said the attackers of the April 16 substation in Northern California were trying to disrupt power to Silicon Valley, the United States’ high-technology innovation hub.
"The perpetrators used high powered rifles to fire shots at 17 large electrical transformers," Johnson said at the White House. "With some sort of crude cutting device, they also severed two sets of telecommunications lines near the substation, in an attempt to prevent 911 calls and systems from alerting operators of the attack on the transformers."
Johnson said the public needs to understand that such events could be carried out by cyber attacks. "A cyber attack could cause similar, and in some cases far greater, damage by taking several facilities offline simultaneously, and potentially leaving millions of Americans in the dark," he said.
Obama said the framework, developed by the National Institutes of Standards and Technology in consultation with private sector companies, seeks to improve efforts to counter threats to critical infrastructure. A February 2013 presidential directive outlined the need to protect infrastructure, including electrical, financial, transportation, water, and communications networks.
"Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property," Obama said.
Johnson said that in addition to helping improve infrastructure protection policies, the government is setting up a Critical Infrastructure Cyber Community, or C3, a voluntary government-private sector partnership to help counter and respond to cyber attacks.
"The C3 program gives companies that provide critical services like cell phones, email, banking, energy, and state and local governments, direct access to cybersecurity experts within the Department of Homeland Security who have knowledge about specific threats we face, ways to counter those threats, and how, over the long term, we can design and build systems that are less vulnerable to cyber threats," Johnson said.
A senior administration who briefed reporters on the cyber security initiative said infrastructure faces threats from terrorism, natural disaster, and cyber attacks.
"And because the majority of our national critical infrastructure is owned and operated by private companies, both the government and the private sector have a shared responsibility to reduce the risks to that critical infrastructure," the official said.
The goal of the framework is to offer government agencies and private sector companies and institutions risk management principles and practices for protecting infrastructures. It offers training and organization guidelines adapted from industry.